bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 05:29

Target

bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe
Size

158KB
MD5

552c89f263da8a2be5ee486c7899c69c
SHA1

93fa60f6658e16f66f34f4d71fa3580c1d2d8b23
SHA256

bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9
SHA512

277f92c073795097182c6171bae28fdd1963e393f4d5a45dbf05a12d64a0113c467e5ff3e973e559919585d42e2a359bc71d68334c4517842f845bb9acd82c66
SSDEEP

3072:vATo/H9MtR/k1cZVSoww29o7f/jdHlPOsMn8P8f3oeUB1HP9T:vDH9MT/mcZV1wwYojrdHlYnnsLHPd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	1088	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1508	1088	bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe	27
PID 1088 wrote to memory of 1508	1088	bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe	27
PID 1088 wrote to memory of 1508	1088	bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe	27
PID 1088 wrote to memory of 1508	1088	bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe	27

C:\Users\Admin\AppData\Local\Temp\bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe
"C:\Users\Admin\AppData\Local\Temp\bb1315edf8afea8dac3e2a54090366c9aca699b6de9f64b0446212f9be6ec8f9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 152
  2⤵
  - Program crash
  PID:1508

memory/1088-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download